Wanting advice on setting up a honeypot/proxy

nomb · 02-03-2006, 12:36 PM

I am going to use an old dell I have as a proxy server so I can share the internet through my Desktop. I am thinking of going like this.

[HTML]
Cable Wireless Wired Wireless
|-----| |-----| |----| |----|
Internet-Router_One-My_Desktop_Comp-Router_Two-Laptop[/HTML]

First I guess I need to ask if there are any recomended distros that I should use on my Desktop. Secondly are there any recomended proxys? I keep seeing one called Squid I was going to try that. Thirdly, Is it a security risk having your proxy server run a honeypot program. And of course fourthly

, are there any recomended honey pot programs? I love networking and linux so I finally decided to combine the two

. Should the proxy run the firewall? Anything better than IP tables? Sorry that I have a lot of questions.

Any help I can get would be awsome. Oh, I was thinking of using SSH to login to my proxy cause I only have one monitor and I don't have a KVM switch yet ><. Any thoughts on that?

bulliver · 02-03-2006, 02:07 PM

Squid is the de facto unix proxy, just as apache is the de facto unix webserver. You may well want to use it just because its popularity ensures the greater amount of tutorials/help/documentation available for it.

Quote:

s it a security risk having your proxy server run a honeypot program.

Well, since the entire point of a honeypot is to entice people to hack it, I would say this is a very bad idea. In fact it is a terrible idea. If you truly want to set up a honey pot then use a dedicated machine in a DMZ well separated from the LAN segment of your network.

Quote:

Should the proxy run the firewall? Anything better than IP tables?

Well, sounds like you need to set up a busybox/firewall on whichever machine is the gateway of your network. And what's wrong with iptables? Iptables is an extremely powerful and configurable tool for creating firewalls. And besides, I am not sure there is anything else available. Perhaps someone has ported BSD's pf to linux? I will tell you all those other firewall programs available are simply scripts/GUI frontends for iptables. Still, I recommend writing your iptable scripts from scratch to gain a better understanding of how it works.

I also think you should hold off on the honeypot until you have more experience with networking/security as willfully opening holes into your network is not something to be undertaking without a great deal of understanding od what you're doing.